WinRM QuickConfig fail with Error number -2147024894 0x80070002 The system cannot find the file specified

Hi.

Trying to configure PS-Remoting for PowerShell on my Windows 7 x64 computer. But it always fails with following message:

D:\>winRm quickConfigWinRM service is already running on this machine.WSManFault Message ProviderFault WSManFault Message = Unable to check the status of the firewall.Error number: -2147024894 0x80070002The system cannot find the file specified.

Sorry. But for sure you mistaken!
You had read only couple of lines in the log and started to think that you know what is the problem is but that is not true.

Please see carefully - I had run there a "powershell .\fixNetwork.ps1" command which changed the "Public" network to "Work network".

And then I had run the "winrm qc" again, this time it was reported the error I stuck with - "Message = Unable to check the status of the firewall. Error number: -2147024894 0x80070002. The system cannot find the file specified."

Only this error is the problem. The other message about Public network is not a problem at all. I'm able to solve that using the .\fixNetwork.ps1 script.

Do you have any idea how to solve the problem with the last error message in a log?

I am not sure what your fix network ps1 does it would help posting that so I could have a better idea of the actions.

I posted the solutions for changing the network type since the exception is firewall related due to network state. If your script changes the network state, please enable then disable your firewall and try again. It is also worth it to run the firewall rule addition after you have changed your network setting.

Run your fix network script verify your firewall is enabled then disabled run winrm qc If you experience any errors restart the firewall then add the rule and run quick config again.

Please note: I can only control FW for "Home" and "Public" networks. I cannot control FW for "Domain" network because it is controlled by domain policy. FW for "Domain" network is always OFF. So, FW for "Domain" network is disabled in Windows GUI and there is a message "For your security some settings are managed by your system administrator".

Also here is some helpful information to help you understand what is being done and why. There are manual options to enable if you have group policy overrides which seem to be the case here.
Note The winrm quickconfig command creates a firewall exception only for the current user profile. If the firewall profile is changed for any reason, winrm quickconfig should be run to enable the firewall exception for the new profile; otherwise, the exception might not be enabled.

Give the link below a careful read before proceeding, most if not all your questions should be answered.

PS. Btw, FW rules for PS I added yesterday. So, I think "netsh firewall add portopening TCP 5985 "Windows Remote Management"" command is not required.
I think the problem could be that "WinRM QC" is not able to validate FW status. So, all the FW rules already exists.
That could be a bug in "WinRM QC". Only the question - if possible to workaround it somehow?

Let me know the results. This points to your firewall as being the issue however with the service running you should be able to connect to other servers even if the fw is disabled once the service is running.

Let's look at what we have looked at:
validated winrm is configured
validated http listener is configured
applied firewall rule to allow the listener
verified the state of the firewall service.

Do you know what GPO is applied on your computer ?

Can you take a look at the GPO for your computer / user object and verify if there is a defined GPO blocking you from completing winrm configuration ?

0

Dmitry_BondAuthor Commented: 2013-09-03

As I could see in the Local Group Policy Editor -> Computer Configuration -> Administrative Templates -> Windows Components -> Windows Remote Management (WinRM) -> all items inside "WinRM Client" and "WinRM Server" are marked as "Not configured".
So, GPO is not defining any restriction to WinRM.

Can you recommend - what also to check in GPO which could be related to this issue?

I take it from your response you do not inherit any GPO setting from AD and the only group policy settings expected are local policy ?

0

Dmitry_BondAuthor Commented: 2013-09-03

Not sure.
My computer is in domain and of course - it is controlled by domain GPO.
But I'm not sure how to see what is the current domain-defined GPO.

I did think Local Group Policy Editor is showing it. So, I thought that AD GPO is way to change local GPO and there is no separate entity called AD GPO locally. Am I mistaken with it?

0

Dmitry_BondAuthor Commented: 2013-09-03

FYI. I just found a way to check resulting GPO. I started rsop.msc to check resulting GPO.

As I can see domain GPO is only changing "Windows Automatic Updates" and "Firewall for Domain" - it is disabling FW for domain.
So, in the Computer Configuration -> Administrative Templates -> Network -> Network Connections -> Windows Firewall -> Domain Profile -> the "Windows Firewall: Protected all network connections" item is Disabled.

But I'm 100% sure this GPO option is absolutely irrelevant to this issue. Because on a new laptop which has 100% the same domain GPO I was successfully configured WinRM for remote access from PS.
So, it looks like some local issue.

Great, so at this point I suggest you manually create a rule in the firewall to allow traffic for the winrm listener, I assume you know how to do this so I will give you the port and a suggested name for the rule.

Port: 5985
Name: Windows Remote Management (HTTP-In)

If you have issues adding this you can stop the firewall then add the rule and restart the firewall.

Looking above we were never able to successfully add the firewall exception, so this should be your potential solution.

0

Dmitry_BondAuthor Commented: 2013-09-03

Waw! It is working. Hallelujah! :-)

So, I had to do following:

run script to fix network type again (the because on every OS restart it is reseting it Public - that is how VmWare network adapters are behaving)

Featured Post

Work with freelancers specializing in everything from database administration to programming, who have proven themselves as experts in their field. Hire the best, collaborate easily, pay securely, and get projects done right.